Vulnerabilities / Threats
9/27/2009
11:05 AM
Alexander Wolfe
Alexander Wolfe
Commentary
Connect Directly
Twitter
Facebook
RSS
E-Mail
50%
50%

Wolfe's Den Podcast: Trend Micro Takes Security To The Cloud

Eva Chen, CEO and co-founder of Trend Micro, talks about what cloud-computing users should do to secure their data and how her company is itself using the cloud to protect against the explosion of malware.

Welcome to the first in my periodic series of columns focusing on major security vendors. For the launch edition, I sat down with Eva Chen, CEO and co-founder of Trend Micro, to talk about changes roiling the industry. The discussion took place against the backdrop of an arena that's being buffeted by the rising tide of malware. (Click on the play icon right here to access the podcast, or scroll to the bottom to see the full player.)

Chen and I chatted after the panel I hosted at the InformationWeek 500 Conference, "Strategic Security: Maximizing The Business Value Of Your Security Investment." During that session, along with noting user concerns about cloud security, she emphasized how cloud computing is changing the way enterprises approach protecting their resources.

We returned to the cloud theme in the podcast, with Chen mentioning that the top concern repeatedly raised by cloud customers is security. She also pointed out that utilizing cloud resources creates a situation where a user's data, system and network could all be in different places. This, in turn, shifts the security focus squarely to locking down that data. Her advice: "The customer should insist that only they themselves have full access to their data," adding that not even the cloud provider should have such access.

Chan said that users need to go to their cloud provider and make sure their security policies match up. "They should [also] come up with a policy for how they want to secure their own data. For example, a new technology like identity based encryption can be used," she explained. "Customers can encrypt their own data with their identity, and therefore only they themselves can access that data."

Cloud has also been a key enabler for an advance Trend has brought to its own security products. Namely, Trend has moved its library of malware signatures to the cloud. This was done with an eye towards ending the frequent -- and frequently large -- downloads of signature updates common to client-side security programs. Maintaining malware signatures in the cloud allows them to be easily updated and rapidly accessed by end-user security programs.

"Every two seconds, there's a new piece of malware," Chen said. "It's impossible to store all the malware signatures on a tiny netbook. Therefore Trend Micro came up with the smart protection network -- we put all these signatures up in the cloud."

Trend maintains what it calls Threat Reputation Databases, comprised of Web, e-mail, and file threats. These are lengthy lists of phishing pages, spam sources, and dangerous executables. The word "reputation" comes into play because Trend uses a technique called reputation scoring to assess the relative threat, or "reputation" of a suspicious file or Web page. "Therefore customers can have a very lightweight agent on their machine and all these reputation databases in the cloud will provide the most up to date database list of threats," Chen said.

Enterprise Security

The advent of Windows 7 is also changing the landscape somewhat, because of its potent, policy-based security tools. For example, Microsoft's new operating system has features which enforce what apps can be run on individual users' systems and what data they can access.

However, Chen notes that attempts to lock down data, while laudable, won't necessarily be impenetrable when you're talking about enterprises with increasingly large mobile work forces.

As well, increased mobility kills the idea of a tight security perimeter. The upshot, says Chen, is you need to rethink your endpoint: "There's no way you can different between you network and my network. Every endpoint needs to be secure." (This includes USB drives walking data out of the company.)

At the end of the podcast, I asked Chen for a couple of advice takeaways. "Rethink your end-point security, because of all those mobile devices out there, which need to be secure," she said. "Second, secure your Web site. It's outward-facing -- that's where your company's reputation and brand are at risk."

For Further Reading

Trend Micro's TrendLabs Malware Blog;

My NetworkComputing blog: Cybersecurity Challenge: Is Your Network Safe? (Probably Not);

Another NetworkComputing post: Crypto Key Management Is Next Wave In Net Security;

What's your take? Let me know, by leaving a comment below or e-mailing me directly at alex@alexwolfe.net.

Follow me on Twitter: (@awolfe58)

Alexander Wolfe is editor-in-chief of InformationWeek.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2227
Published: 2014-07-25
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

CVE-2014-5027
Published: 2014-07-25
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

CVE-2014-5100
Published: 2014-07-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_...

CVE-2014-5101
Published: 2014-07-25
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authn...

CVE-2014-5102
Published: 2014-07-25
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.